diff --git a/services/terraform/modules/shared/dynamodb.tf b/services/terraform/modules/shared/dynamodb.tf
index 35992e193d..9021d2765b 100644
--- a/services/terraform/modules/shared/dynamodb.tf
+++ b/services/terraform/modules/shared/dynamodb.tf
@@ -1,3 +1,7 @@
+locals {
+  pitr_enabled = terraform.workspace == "production" ? true : false
+}
+
 resource "aws_dynamodb_table" "backup-service-backup" {
   name         = "backup-service-backup"
   hash_key     = "userID"
@@ -26,6 +30,10 @@ resource "aws_dynamodb_table" "backup-service-backup" {
     projection_type    = "INCLUDE"
     non_key_attributes = ["userKeys", "siweBackupMsg"]
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "backup-service-log" {
@@ -43,6 +51,10 @@ resource "aws_dynamodb_table" "backup-service-log" {
     name = "logID"
     type = "N"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "blob-service-blobs" {
@@ -77,6 +89,10 @@ resource "aws_dynamodb_table" "blob-service-blobs" {
     range_key       = "last_modified"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "tunnelbroker-undelivered-messages" {
@@ -94,6 +110,10 @@ resource "aws_dynamodb_table" "tunnelbroker-undelivered-messages" {
     name = "messageID"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "tunnelbroker-device-tokens" {
@@ -116,6 +136,10 @@ resource "aws_dynamodb_table" "tunnelbroker-device-tokens" {
     hash_key        = "deviceToken"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-users" {
@@ -174,6 +198,10 @@ resource "aws_dynamodb_table" "identity-users" {
     hash_key        = "usernameLower"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-devices" {
@@ -219,6 +247,10 @@ resource "aws_dynamodb_table" "identity-devices" {
     range_key       = "loginTime"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-tokens" {
@@ -236,6 +268,10 @@ resource "aws_dynamodb_table" "identity-tokens" {
     name = "signingPublicKey"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-nonces" {
@@ -304,6 +340,10 @@ resource "aws_dynamodb_table" "identity-reserved-usernames" {
     hash_key        = "userID"
     projection_type = "KEYS_ONLY"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "identity-one-time-keys" {
@@ -321,6 +361,10 @@ resource "aws_dynamodb_table" "identity-one-time-keys" {
     name = "timestamp#keyNumber"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "feature-flags" {
@@ -338,6 +382,10 @@ resource "aws_dynamodb_table" "feature-flags" {
     name = "feature"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }
 
 resource "aws_dynamodb_table" "reports-service-reports" {
@@ -349,4 +397,8 @@ resource "aws_dynamodb_table" "reports-service-reports" {
     name = "reportID"
     type = "S"
   }
+
+  point_in_time_recovery {
+    enabled = local.pitr_enabled
+  }
 }